FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data

Affected packages
go < 1.17.2,1

Details

VuXML ID 4fce9635-28c0-11ec-9ba8-002324b2fba8
Discovery 2021-10-06
Entry 2021-10-09

The Go project reports:

When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments.

If using wasm_exec.js to execute WASM modules, users will need to replace their copy after rebuilding any modules.

References

CVE Name CVE-2021-38297
URL https://github.com/golang/go/issues/48797